Computer systems and computational technologies have steadily evolved, during the past 70 years, from initial vacuum-tube-based systems that lacked operating systems, compilers, network connectivity, and most other common features of modern computing systems to vast distributed computing systems that include large numbers of multi-processor servers, data-storage appliances, and multiple layers of internal communications networks interconnected by various types of wide-area networks and that provide computational resources to hundreds, thousands, tens of thousands, or more remote users. As operating systems and virtualization layers have been developed and refined over the years, in parallel with the advancements in computer hardware and networking, the robust execution environments provided by distributed operating systems and virtualization layers now provide a foundation for development and evolution of many different types of distributed application programs, including distributed database-management systems, distributed client-server applications, and distributed web-based service-provision applications. This has resulted in a geometric increase in the complexity of distributed computing systems, as a result of which owners, administrators, and users of distributed computing systems and consumers of computational resources provided by distributed computing systems increasingly rely on automated and semi-automated management and computational-resource-distribution subsystems to organize the activities of many users and computational-resource consumers and to control access to, and use of, computational resources within distributed computing systems.
One problem domain that has emerged in the area of distributed computing systems concerns control over various computational entities, including virtual machines, processor-controlled hardware devices, network-attached data-storage devices, and other such computational entities. Although, in modern distributed computing systems, many security technologies are employed to secure computational entities from misuse or hijacking, the complexities of modern distributed computing systems and the exposure of internal components of modern distributed computing systems to network access often result in many different types of security vulnerabilities that can be exploited by malicious parties. When external malicious parties succeed in acquiring management control over computational entities within a distributed computing system, for even relatively brief periods of time, the security of the distributed computing system may be severely compromised, leading to unauthorized access to distributed-computing-system data, data loss, and unauthorized operations that can have severe, worldwide repercussions.